🚨 High-severity security fix in [email protected] just released! - Patches CVE-2025-7338 — Denial of Service via unhandled exception from malformed request - All users should upgrade immediately: npm i multer@latest github.com/expressjs/mult…

🚨 Low-severity security fix in [email protected] just released! - Patches CVE-2025-7339 — vulnerable to http response header manipulation github.com/jshttp/on-head…

I had forgotten that the Node.js website also builds for environments that don't support ISR.

I just realized I had animations turned off, and I was wondering why scroll-behavior: smooth wasn’t working, haha.

"a" + ["c", "d"] = "ac,d" 🤓

now that i'm adding a feature to express's router, i think it would be a good idea to write a blog post explaining how it works under the hood.

People should read the migration guides when moving from one version to another. Those guides were made for a reason, not for people to do weird things when the new way of doing it has already been documented

A small but huge step at the same time, to enable a runtime deprecation for the _http_* modules in Node.js 26 that should be internal to Node and not exposed github.com/nodejs/node/pu…

Join this discussion on how to stop doing monkey-patching and achieve a solution in Node.js core to address several current issues in the Express ecosystem and very likely other web server framework ecosystems as well. github.com/nodejs/web-ser…

Say hello to my very old friend ExpressJS running on Cloudflare Developers workers!

Hi Express community! We’d love your feedback on our website’s content. ✨ What topics or resources would you like us to add? 🔧 What existing content do you think we could improve? Your input will help us make our docs even better, every idea matters! github.com/expressjs/expr…

After spending almost a whole day figuring out how to remove monkey-patching, and also improve Express' performance, I think I found a clean solution, especially after studying Fastify's core.

We have support for Express.js in @cloudflare Workers now. James Ross wrote a blog post on his personal blog about how to get started with it. We'll do our own tutorial in the docs soon so MCP servers, Cursor et al knows that it is possible :) jross.me/run-express-js…

Wow, bench-node is awesome, thanks Rafael Gonzaga for such a great tool. I just migrated some performance tests that were written for the iconv-lite package, and the results look great. github.com/ashtuchkin/ico…

🧐🤔

webpack (webpack module bundler) needs sponsors for our hackathon that we're about to host. Please do reach out if you can contribute any way, we can provide a lot for your company/org too! 💙

Fuck Windows

I’m pleased to announce that iconv-lite is now part of the ExpressJS project. Many thanks to Alex Shtuchkin for all these years of helping maintain the package and for allowing it to now have a new home here. And a release is coming soon 😉 github.com/pillarjs/iconv…

New version of iconv-lite, with changes that include: - Handle split surrogate pairs when encoding UTF-8 - Avoid false positives in encodingExists by using objects without a prototype - Make explicit that the decode() method supports Uint8Array input github.com/pillarjs/iconv…

Open source, a place where you need to have patience and now even more so with AI creating issues